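<?php
/**
 * Payment-notification handler: verifies a signed deposit callback and credits
 * the logged-in user's balance.
 *
 * Flow:
 *   1. Recompute the SHA-256 signature over the posted fields plus the shared
 *      secret and compare it with the posted `lr_encrypted` value.
 *   2. Compare the posted `token` with the one stored in the session.
 *   3. Reject the callback if the transfer id was already recorded in
 *      `lrverifier` (replay protection), otherwise record it.
 *   4. Insert a `payment` row and update `userinfo`, then redirect.
 *
 * Every rejection prints the same generic "mistake of payment" message so the
 * response does not reveal which check failed.
 *
 * NOTE(review): the legacy mysql_* API has no prepared statements, so values
 * are cast or escaped before they reach SQL. The connection is presumably
 * opened in config1.php; moving to PDO/mysqli prepared statements has to
 * start there.
 */
session_start();
require_once("../config/config1.php");

// Single fail-closed exit used by every validation step.
$reject = function () {
    echo "mistake of payment";
    exit;
};

// Read a POST field as a trimmed string; missing or array-valued fields become ''.
$field = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
};

// Constant-time comparison where available (hash_equals needs PHP >= 5.6);
// the fallback is still strict, so "0e..." strings are never compared numerically.
$sameString = function ($known, $given) {
    return function_exists('hash_equals') ? hash_equals($known, $given) : ($known === $given);
};

// The credited account comes from the session; cast to int because it is
// placed in SQL below, and refuse to continue without a logged-in user.
$UserId = isset($_SESSION['iduser']) ? intval($_SESSION['iduser']) : 0;
if ($UserId <= 0) {
    $reject();
}

$lr_paidto   = $field("lr_paidto"); // read for completeness; not part of the signature
$lr_paidby   = $field("lr_paidby");
$lr_store    = "goodshopstore";
$lr_amnt     = $field("lr_amnt");
$lr_transfer = $field("lr_transfer");
$lr_currency = $field("lr_currency");
$hashPost    = $field("lr_encrypted");

// NOTE(review): the shared secret is hard-coded in a web-served file. Move it to
// configuration outside the document root and rotate it.
$secret_word = "sac#^%$#323vSW";

$hashword = "U8276640:$lr_paidby:$lr_store:$lr_amnt:$lr_transfer:$lr_currency:$secret_word";
$Uper     = strtoupper(hash("SHA256", $hashword));

// Signature check. A loose == here would treat two different "0E<digits>"
// strings as equal numbers.
if ($hashPost === '' || !$sameString($Uper, $hashPost)) {
    $reject();
}

// Session-token check. Both sides must be non-empty strings: with == an unset
// session token compared equal to a missing or empty posted token.
$token_respond = $field("token");
$token = (isset($_SESSION["token"]) && is_string($_SESSION["token"])) ? $_SESSION["token"] : '';
if ($token === '' || $token_respond === '' || !$sameString($token, $token_respond)) {
    $reject();
}

// The transfer id goes into SQL, so it must be purely numeric before use.
if (!ctype_digit($lr_transfer)) {
    $reject();
}
$batch = intval($lr_transfer);

// Replay protection: a transfer id may be credited only once. A failed query
// rejects the callback instead of being read as "zero rows".
$checkVer = mysql_query("select * from lrverifier where verifier=$batch");
if ($checkVer === false || mysql_num_rows($checkVer) !== 0) {
    $reject();
}

// NOTE(review): check-then-insert is not atomic; two concurrent callbacks with
// the same id can both pass the check above. A UNIQUE index on
// lrverifier.verifier would make this insert the authoritative check — confirm
// the schema. A failed insert stops the credit either way.
$insert = mysql_query("insert into lrverifier set verifier=$batch");
if ($insert === false) {
    $reject();
}

unset($_SESSION["token"]); // one-time token: consumed once the transfer is accepted

// NOTE(review): intval() drops any fractional part and abs() turns a negative
// amount into a credit; lr_currency is signed but never compared with an
// expected currency. Kept as in the original — confirm this is intended.
$lrAmount    = intval($lr_amnt);
$balancePlus = abs($lrAmount);

// Deposits of 100 or more receive a bonus of ceil(amount / 20).
if ($balancePlus >= 100) {
    $AmountAfterPlus = (ceil($balancePlus / 20) + $balancePlus);
} else {
    $AmountAfterPlus = $balancePlus;
}

// The payer account is free text from the request: escape it before it is
// embedded in a quoted SQL literal.
$reason = mysql_real_escape_string("DEPOSIT $balancePlus FROM LR Account: $lr_paidby : $batch");

// NOTE(review): these two writes are not wrapped in a transaction, so a failure
// of the second leaves a payment row without the matching balance change.
mysql_query("insert into payment(amount,reason,lr,userid) value($AmountAfterPlus,'$reason',$balancePlus,$UserId)");
mysql_query("update userinfo set money=money+$AmountAfterPlus,deposit=deposit+$balancePlus where userid=$UserId");

header('Location: ../members.php');
exit; // stop here so nothing further runs after the redirect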